Most Epic Fail: Crowdstrike President accepts Pwnie Award in person

Eleven Pwnie Awards for notable bugs, hacks, exploits or failures. Crowdstrike admitted to having "failed badly".


The Pwnie trophies.

(Image: Uli Ries)

By Uli Ries

The Pwnie Awards are the annual "Hacker Oscars". This year, for the first time, they were presented during the hacker conference Def Con rather than, as usual, during its sister conference Black Hat.

Even before the awards ceremony, the winner in the "Most Epic Fail" category, which always attracts plenty of mockery, had already been decided. The jury behind the Pwnies announced in a tweet at the end of July that Crowdstrike deserved the award for the global IT fiasco caused by the EDR software Falcon. Michael Sentonas, President of Crowdstrike, was on hand to accept the award in person; in this case it was not the usual toy pony but a trophy a good meter high and crowned with a golden pony. He said that Crowdstrike had "failed badly". He wanted to put the trophy in a prominent place in the office so that all Crowdstrike employees would always be reminded of it.

Crowdstrike gets a particularly large trophy.

(Image: Uli Ries)

This year, the jury decided to present one of the Lifetime Achievement Awards, which are only awarded irregularly. The sad occasion was the death of hacker and founder Sophia d'Antoine in April this year. She was part of the loose association behind the Pwnie Awards. Visibly moved, her sister Claudia accepted the pony.

In the "Best Mobile Bug" category, the prize went to an unknown, probably state-supported attacker whose campaign Kaspersky described in last year's investigation, dubbed "Operation Triangulation". The attackers succeeded for the first time in attacking a hardware function in Apple's iPhone.

The second booby prize, for the "Lamest Vendor Response", went to Xiaomi. The company shut down parts of its infrastructure, including the global app store, to make it more difficult for participants in the Pwn2Own hacker competition to hack Xiaomi devices.

Best Cryptographic Attack: GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers, discovered by boruchen

Best Desktop Bug: A Chrome 0day caused by improperly triggered audio rendering, discovered by @7o8v1

Best Song: Touch Some Grass by UWU Underground

Best Privilege Escalation: Windows Streaming Service UAF, discovered by chompie1337

Best Remote Code Execution: The Overlooked Pattern: CVE-2024-30080's Path to pre-auth RCE by R00t0xk0shl

Most Epic Achievement: Detecting the XZ backdoor, discovered by Andres Freund

Most Innovative Research: Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell, discovered by Edouard Bochin and Tao Yan

Most Underhyped Research: See No Eval: Runtime Dynamic Code Execution in Objective-C, discovered by @codecolorist

(emw)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.